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1 This action is in response to the communication filed on 12/14/2005. 

2 DETAILED ACTION 

3 Response to Arguments 

4 Applicant argues primarily that: 

5 a. The combination of Francisco and Clifton did not disclose that the switches are 

6 activated by receiving a signal from the security device. 

7 b. Francisco did not disclose denying the computer processor access to and from the 

8 resources or resource ranges selected by the security device. 

9 c. Francisco did not disclose denying access based on any dynamic restriction set by 

10 the security processor. 

1 1 The examiner would first like to point out that in the last paragraph of page 1 5 of the 

12 communication dated 12/14/2005, the applicant appears to have misinterpreted the rejection 

13 made in the office action dated 9/14/2005. The applicant has cited a portion of Francisco and 

14 argues that this particular section does not disclose what the examiner has claimed it to have 

1 5 disclosed. However, the paragraph cited is not the 3'''* paragraph of column 4 as recited in the 

16 rejection, but instead it is the 4^ paragraph. The correct citation reads "The security system 

17 utilizes software in a client/server relationship. The base computer makes requests of the security 

18 software. The security software then services these requests and conveys the results to the base 

19 computer. From the base computer standpoint, the security software fiinctions like a disk device 

20 subsystem." 

21 Regarding applicant's argument a., that the combination of Francisco and Clifton did not 

22 disclose that the switches are activated by receiving a signal from the security device, the 
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1 examiner does not find the argument persuasive. Francisco clearly disclosed in Col. 5 Paragraph 

2 6 that the access control software was responsible for configuring the AMU hardware. As can be 

3 seen in Figs. 1 and 3, the AMU hardware and the access control software were separate fi-om one 

4 another and as such in order to "load the look-up tables and control registers of the AMU 

5 hardware" the data (signal) that was loaded must have been sent from the access control software 

6 to the AMU hardware. As discussed below, it would have been obvious that the access control 

7 software was being executed by the security processor 7 and therefore it would have been 

8 obvious that the security processor sent the data (signal) which activated the switches. 

9 Therefore, the examiner does not find the argument persuasive. 

10 Regarding applicant's argument b., that Francisco did not disclose denying the computer 

1 1 processor access to and from the resources or resource ranges selected by the security device, the 

12 examiner does not find the argument persuasive. In response to applicant's arguments against the 

13 references individually, one cannot show nonobviousness by attacking references individually 

14 where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 

15 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 

16 1986). In this case, the addition of the teachings of Clifton provide that the secure instructions 

17 would only be accessible by the security processor, which would execute the instructions. 

18 Therefore, the examiner does not find the argument persuasive. 

19 In response to applicant's argument c, that the references fail to show certain features of 

20 applicant's invention, it is noted that the features upon which applicant relies (i.e., denying 

21 access based on any dynamic restriction set by the security processor) are not recited in the 

22 rejected claim(s). Although the claims are interpreted in light of the specification, limitations 
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1 from the specification are not read into the claims. See In re Van Germs, 988 F.2d 1 1 8 1, 26 

2 USPQ2d 1057 (Fed. Cir, 1993). Therefore, the examiner does not find the argument persuasive. 

3 Because the examiner does not find the arguments persuasive, the examiner has 

4 maintained the prior art rejections presented below. 

5 Claims 1-8 have been canceled. 

6 Claims 9-21 have been examined 

7 All objections and rejections not set forth below have been withdrawn. 

8 Claim Rejections - 35 USC §103 

9 Claims 9-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Francisco et 

10 al. (US Patent Number 5,263,147) hereinafter referred to as Francisco, and further in view of 

1 1 Clifton (US Patent Number 5,469,556). 

12 Regarding claim 9, Francisco disclosed a system for data processing a security critical 

13 activity in a secure management mode in a computer (See Francisco Abstract Lines 6-10), which 

14 computer comprises a processor (See Francisco Fig. 1 Element 1), handling devices (See 



15 Francisco Fig. 1 Element 25), memory storage means (See Francisco Fig. 1 Element 30), 

16 hereafter named resources; that the system comprises a security device (See Francisco Fig. 1 

17 Elements 31 and 100) comprising a processor (See Francisco Fig. 1 Element 7) and signal 

18 generators (See Francisco Fig. 3 Element 321), a number of control means, hereafter named 

19 switches (See Francisco Fig. 3 Element 325), with signal receivers (See Francisco Col. 5 

20 Paragraph 6 wherein it was inherent that the AMU control had signal generators and the AMU 

21 had signal receivers in order for the Control to have configured the AMU) arranged respectively 

22 between the security device and the pre-selected resources (See Francisco Fig. 1 Elements 3 1 , 
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1 100, and 30), that the switches contain information regarding accessibility to and from the 

2 resources, or parts of the resources, hereafter named resource ranges (See Francisco Fig. 1 

3 Element 102 and Claims 1-2), characterized in that the switch controls requests from a processor 

4 of the computer, hereafter named the computer processor, to the resources or resource ranges 

5 depending on the information contained in the switch (See Francisco Fig. 1 Element 102, Col. 2 

6 Paragraphs 2-3, and Claims 1-2), and that in response to a call from the computer processor or 

7 the handling devices, the switches are activated by receiving a signal from the security device, 

8 said signal from the security device activating the switches to be in a condition (See Francisco 

9 Col- 5 paragraph 6) i) enabling the security device access to and from the resources or resource 

10 ranges selected by the security device, arid ii) denying the computer processor access to and from 

1 1 the resources or resource ranges selected by the security device (See Francisco Col. 4 Paragraph 

12 3 and Claim 1 wherein the AMU has access to the requested memory, and the subject is denied 

13 access when they are requesting an access outside the subjects access rights), in that the signal 

14 (SGpm) can be generated only by the security device (See Francisco Col. 5 Paragraph 6 Lines 1- 

1 5 4), and in that the security device comprises a signal generator (SGa), wherein, when a switch 

16 receives a signal (SGa), together with new information (addresses, operation, data), the security 

17 device is able of altering a content of the information of that switch (See Francisco Col. 5 Lines 

18 39-50), but Francisco failed to disclose that the security device processor had access to the 

19 resources or the security device processor executed the security critical activity. 

20 Clifton teaches that in a computing system it is desirable to have classify certain 

21 instructions as secure and others as unsecure and to have a normal processor execute the 
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1 unsecure instaictions and a secure processor to processor to execute the secure instructions (See 

2 Clifton Col. 1 Lines 19-25, Col. 4 Lines 6-65, and Col. 5 Lines 25-45). 

3 It would have been obvious to the ordinary person skilled in the art at the time of 

4 invention to employ the teachings of Clifton in the personal computer security system of 

5 Francisco by classifying certain instructions as secure and only allowing the secure instructions 

6 to be executed by the security processor. This would have been obvious because the ordinary 

7 person skilled in the art would have been motivated to protect against the destruction of 

8 important data and the compromise of secret or confidential data. 

9 Regarding claim 15, Francisco disclosed a system for data processing a security critical 

10 activity in a secure management mode in a computer (See Francisco Abstract Lines 6-10), 

1 1 comprising: a computer comprising a computer processor (See Francisco Fig. 1 Element 1), 

12 handling devices (See Francisco Fig. 1 Element 25), memory storage resources (See Francisco 

13 Fig. 1 Element 30); a security device (See Francisco Fig. 1 Elements 31 and 100) comprising 

14 security device processor (See Francisco Fig. 1 Element 7) and signal generators (See Francisco 

15 Fig. 3 Element 321) inputting into the security device processor (See Francisco Col. 2 Lines 22- 

16 29 and Col. 5 Paragraph 6); and switch control means (See Francisco Fig. 3 Element 325) 

17 comprising switches and signal receivers (See Francisco CoL 5 Paragraph 6 wherein it was 

18 inherent that the AMU control had signal generators and the AMU had signal receivers in order 

19 for the Control to have configured the AMU), the switches of the switch control means arranged 

20 respectively between the security device and pre-selected memory storage resources (See 

21 Francisco Fig, 1 Elements 31, 100, and 30), wherein, the switches of the switch control means 

22 contain information regarding accessibility to and from the memory storage resources, or ranges 
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1 within the memory storage resources (See Francisco Fig. 1 Element 102, and Claims 1-2), the 

2 switch control means, depending on the information contained in the switches, controls requests 

3 from the computer processor to the memory storage resources or ranges within the memory 

4 storage resources (See Francisco Fig. 1 Element 102, Col. 2 Paragraphs 2-3, and Claims 1-2), 

5 and in response to a call from the computer processor or the handling devices, the switches are 

6 activated receiving a control signal from the security device and the security device processor, 

7 said control signal activating the switches to be in a condition (See Francisco Col. 5 paragraph 6) 

8 i) enabling the security device access to and from the memory storage resources or the ranges 

9 within the switch control means memory storage resources selected by the security device and ii) 

10 denying the computer processor access to and from the memory storage resources or the ranges 

1 1 within the memory storage resource selected by the security device (See Francisco Col. 4 

12 Paragraph 3 and Claim 1 wherein the AMU has access to the requested memory, and the subject 

13 is denied access when they are requesting an access outside the subjects access rights), the 

14 control signal (SGPM) can be generated only by the security device (See Francisco Col. 5 

15 Paragraph 6 Lines 1-4), upon any switch receiving a signal (SGA), together with new 

16 information (addresses, operation, data), the security device configured to alter a content of the 

17 information of that switch (See Francisco Col. 5 Lines 39-50), and the security device processor 

18 is a different processor than the computer processor (See Francisco Fig. 1 Elements 1 and 7), but 

19 Francisco failed to disclose that the security device processor had access to the resources or the 

20 security device processor executed the security critical activity. 

21 Clifton teaches that in a computing system it is desirable to have classify certain 

22 instructions as secure and others as unsecure and to have a normal processor execute the 



Application/Control Number: 09/889,126 Page 8 

Art Unit: 2131 

1 unsecure instructions and a secure processor to processor to execute the secure instructions (See 

2 Clifton Col. 1 Lines 19-25, Col. 4 Lines 6-65, and Col. 5 Lines 25-45). 

3 It would have been obvious to the ordinary person skilled in the art at the time of 

4 invention to employ the teachings of Clifton in the personal computer security system of 

5. Francisco by classifying certain instructions as secure and only allowing the secure instructions 

6 to be executed by the security processor. This would have been obvious because the ordinary 

7 person skilled in the art would have been motivated to protect against the destruction of 

8 important data and the compromise of secret or confidential data. 

9 Regarding claim 16, Francisco disclosed a system for data processing a security 

10 critical activity in a secure management mode in a computer (See Francisco Abstract Lines 6- 

11 10), comprising: a computer comprising a computer processor (See Francisco Fig. 1 Element 1), 

12 connected to handling devices (See Francisco Fig. 1 Element 25) and to memory storage 

13 resources (See Francisco Fig. 1 Element 30); a security device (See Francisco Fig, 1 Elements 31 

14 and 100) comprising a security device processor (See Francisco Fig. 1 Element 7) and signal 

15 generators (See Francisco Fig. 3 Element 321) inputting into the security device processor (See 

16 Francisco Col. 2 Lines 22-29 and Col. 5 Paragraph 6); and switch control means (See Francisco 

17 Fig. 3 Element 325) comprising switches and signal receivers (See Francisco Col. 5 Paragraph 6 

18 wherein it was inherent that the AMU control had signal generators and the AMU had signal 

19 receivers in order for the Control to have configured the AMU), the switches of the switch 

20 control means arranged between the security device and pre-selected memory storage resources 

21 (See Francisco Fig. 1 Elements 31, 100, and 30), wherein, the switches of the switch control 

22 means contain information regarding accessibility to and fi"om the memory storage resources, 
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1 (See Francisco Fig. 1 Element 102, and Claims 1-2), the switch control means, based on the 

2 information contained in the switches, controls requests from the computer processor to the 

3 memory storage resources (See Francisco Fig. 1 Element 102, Col. 2 Paragraphs 2-3, and Claims 

4 1-2), and in response to a call from the computer processor, the switches are activated by 

5 receiving a control signal from the security device and the security device processor, said control 

6 signal activating the switches to be in a condition (See Francisco Col. 5 paragraph 6) to i) enable 

7 the security device access to and from the memory storage resources selected by the security 

8 device and ii) deny the computer processor access to and from the memory storage resources 

9 selected by the security device (See Francisco Col. 4 Paragraph 3 and Claim 1 wherein the AMU 

10 has access to the requested memory, and the subject is denied access when they are requesting an 

1 1 access outside the subjects access rights), the control signal (SGPM) can be generated only by 

12 the security device (See Francisco Col. 5 Paragraph 6 Lines 1-4), upon any switch receiving a 

13 signal (SGA), together with new information (addresses, operation, data), the security device 

14 configured to alter a content of the information of that switch (See Francisco Col. 5 Lines 39-50), 

1 5 and the security device processor is a different processor than the computer processor (See 

16 Francisco Fig. 1 Elements 1 and 7), but Francisco failed to disclose that the security device 

17 processor had access to the resources or the security device processor executed the security 

18 critical activity. 

19 Clifton teaches that in a computing system it is desirable to have classify certain 

20 instructions as secure and others as unsecure and to have a normal processor execute the 

21 unsecure instructions and a secure processor to processor to execute the secure instructions (See 

22 Clifton Col. 1 Lines 19-25, Col. 4 Lines 6-65, and Col. 5 Lines 25-45). 
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1 It would have been obvious to the ordinary person skilled in the art at the time of invention to 

2 employ the teachings of Clifton in the personal computer security system of Francisco by 

3 classifying certain instructions as secure and only allowing the secure instructions to be executed 

4 by the security processor. This would have been obvious because the ordinary person skilled in 

5 the art would have been motivated to protect against the destruction of important data and the 

6 compromise of secret or confidential data. 

7 Regarding claim 10, the combination of Francisco and Clifton disclosed that the 

8 information contained in the switches controls access to resources for requests from other 

9 possible processors contained in or connected to the computer (See Francisco Col. 6 line 68 - 

10 Col. 7 Line 4). 

1 1 Regarding claim 1 1, the combination of Francisco and Clifton disclosed that the switches 

12 comprise a signal receiver by which it can detect which source is handling the computer, and that 

13 the switch compares this with the resource which requests access to a resource or resource range 

14 controlled by the switch, and depending on the information in the switch, enables or denies 

1 5 access to that resource (See Francisco Fig. 2b). 

16 Regarding claim 12, the combination of Francisco and Clifton disclosed that the 

17 information in the switch enables the switch to control certain areas of the memory means are 

18 allocated to be accessed by the processor of the security device only (See Francisco Col. 4 

19 Paragraph 3). 

20 Regarding claim 13, the combination of Francisco and Clifton disclosed that the 

21 information in the switch enables the switch to control that certain resources are accessible by 

22 the computer processor when not in secure management mode, and only accessible by the 
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1 security device when in secure management mode (See Francisco Col. 2 paragraph 3 wherein the 

2 large address space mode constituted the non-secure mode and the segmented address space 

3 constituted the secure mode). 

4 Regarding claims 14, and 17-18, the combination of Francisco and Clifton disclosed that 

5 the switches are hardware switches (See Francisco Fig. 4 Element 325), the switches configured 

6 for i) a first normal mode wherein the computer processor has access to the resources, and ii) a 

7 second protected mode wherein the computer processor is denied access to the resources and the 

8 security processor is allowed access to the resources (See the rejection of claim 9 above), and 

9 said signal from the security device, enabling the security device and the security processor 

10 access to the resources and denying the computer processor access to the resources, changes the 

1 1 switches fro the first normal mode into the second protected mode (See the rejection of claim 9 

12 above and Francisco Col 5 paragraph 6). 

13 Regarding claims 19-21, the combination of Francisco and Clifton disclosed the switches 

14 each comprise a protection mode signal receiver configured to receive said signal from the 

15 security device activating the switches to be in the condition enabling the security device and the 

16 security processor access to the resources and denying the computer processor access to the 

17 resources (See the rejection of claim 9 above, and Francisco Col. 5 paragraph 6 wherein it was 

18 inherent that the AMU hardware contain "signal receivers" in order to have received the 

19 configuration messages), upon reception of said signal from the security device by the protection 

20 mode signal receiver, the protection mode signal receiver reconfigures the switches into a 

21 protection mode configuration allocating specific resources needed for executing the security 

22 critical activity to the security processor and denying the computer processor access to the 
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1 specific resources (See the rejection of claim 9 above, Francisco Col. 5 paragraph 6), and upon 

2 the switches being placed in the protection mode configuration, the security processor executes 

3 the security critical activity (See the rejection of claim 9 above). 

4 Conclusion 

5 Claims 1-8 have been have been canceled and claims 9-21 have been rejected.. 

6 Applicant's amendment necessitated the new ground(s) of rejection presented in this 

7 Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 

8 Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

9 A shortened statutory period for reply to this final action is set to expire THREE 

10 MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 

1 1 MONTHS of the mailing date of this final action and the advisory action is not mailed until after 

12 the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 

13 will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

14 CFR 1 , 136(a) will be calculated from the mailing date of the advisory action. In no event, 

1 5 however, will the statutory period for reply expire later than SIX MONTHS from the date of this 

16 final action. 

17 Any inquiry concerning this communication or earlier communications from the 

18 examiner should be directed to Matthew T. Henning whose telephone number is (571) 272-3790. 

1 9 The examiner can normally be reached on M-F 8-4. 

20 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

21 supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 

22 organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 



2 Application Information Retrieval (PAIR) system. Status information for published applications 

3 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

4 applications is available through Private PAIR only. For more information about the PAIR 

5 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

6 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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